September 2013

E-commerce capabilities assessment:
-Security of e-payment systems-
Case of the Democratic republic of Congo

Master Thesis

Author: Esperant NGONGO

Supervisor: Prof. Roberta Bernardi

Page | 2

Outline

E-commerce capabilities assessment: security of e-payment systems. Case of the Democratic republic of Congo

Table of Content

Abstract Preface

Acknowledgement

1. Introduction 6

1.1. Introduction 6

1.2. Motivation of the subject 6

1.3. Problem statement 7

1.4. Research questions 7

1.5. Scope and limitations 7

1.6. Methodology 8

2. Literature review 9

2.1. Overview 9

2.2. Definition of e-commerce 9

2.3. Types of e-commerce 10

2.4. M-commerce 12

2.5. E-commerce capabilities overview 12

2.6. Information system capabilities 13

2.6.1. Introduction 13

2.6.2. Information system capabilities overview 13

2.6.3. Information system capabilities in the scope of e-commerce 15

2.6.4. Information technology infrastructure for e-commerce 16

2.7. Information security capabilities for e-commerce 18

2.7.1. Introduction 18

2.7.2. Overview of the security of e-commerce 18

2.7.3. Overview of the security of e-commerce network 26

2.8. Securing e-payment systems for B2C e-commerce 28

2.8.1. Payment cards 29

2.8.2. Electronic cash 30

2.8.3. Stored-value card 31

2.8.4. E-checking 31

2.8.5. Security of mobile payment 33

2.9. Conclusion on the literature review 33

3. Research methodology 34

3.1. Introduction 34

3.2. Research design and justification 34

3.2.1. Introduction 34

3.2.2. Choice of the methodology 36

3.3. Data collection and sampling 37

3.3.1. Sampling technique 37

3.3.2. Sampling definition 38

3.3.3. Data collection method 39

Page | 3

3.4. Data analysis 40

3.4.1. Introduction 40

3.4.2. Data analysis method 41

4. Research findings 42

4.1. Response rate 42

4.2. Research findings 42

4.2.1. Working experience of respondents 42

4.2.2. Job position 43

4.2.3. E-payment services offered 44

4.2.4. Issues faced by e-payment systems 44

4.3. Specific findings for CIA security concept 45

4.3.1. Confidentiality 45

4.3.2. Integrity 46

4.3.3. Availability 48

4.4. Summary 49

5. Conclusion and recommendations 50

5.1. Introduction 50

5.2. Conclusion 50

5.2.1. E-payment system 50

5.2.2. E-payment system security 50

5.3. Recommendations 52

5.4. Areas for further studies 53

5.5. Study limitations 53

6. References / Bibliography 54

7. Appendix 57

7.1. List of abbreviations 57

7.2. List of figures 58

7.3. List of table 58

7.4. Questionnaire 69

Statement of originality

In presenting this dissertation for assessment, I declare that it is a final copy including any last revisions. I also declare that it is entirely the result of my own work other than where sources are explicitly acknowledged and referenced within the body of the text. This dissertation has not been previously submitted for any degree at this or any other institution.

Page | 4

Esperant NGONGO MBULI

Page | 5

Abstract

This research study investigates to what extend the e-payment systems are secured in order to contribute to the development of e-commerce capabilities in the Democratic Republic of Congo (DRC). This study has also assesses the existence of adequate e-commerce capabilities in terms of e-payment systems and how their security can be leveraged to really contribute to their effective use in the electronic payment transaction.

The research uses the survey method with questionnaire based on closed questions built from the checklist published by the International Standards Organization (ISO) as framework for information security assessment.

The major conclusion of this study is that some capabilities for e-commerce such as e-payment systems are available in the country but their security must be enforced and managed for the advert of e-commerce era which is yet in its inception phase.

Acknowledgement

I would like to thank the following people who provided to me significant support for the completion of my MBA program and this research, namely:

- Professor Roberta Bernardi, my supervisor, she has been a great source of advice and guidance in the development of this research and her valuable

support on reading material was highly appreciated. Thank you so much.

- My lovely wife, Tina who has been an important pillar and source of motivation through my MBA program and during this research. Thank you for your patience and lovely commitment shown.

- My children, Grace, Kelly, Joyce, Marie-Rose and Esperance Junior to whom I missed during the time I was involved in my journey to MBA and for the fun time sacrificed to the benefit of this research. This study is dedicated to you as source of motivation and inspiration for your studies as well.

- The professors at Robert Kennedy College who gave us valuable intellectual foods and reading materials for the acquisition of knowledge in Advanced Information Technology and Business Management. Thank you for your devotion.

- Above all, the Mighty GOD for the blessing given to the success of this achievement

Page | 6

Chapter 1: Introduction

I.1. Introduction

Modern electronic commerce (e-commerce) is one of the biggest commercial activities using the internet as channel of diffusion. The advance and continuing development of internet technologies in telecommunications and mobile applications has propelled the growth of E-commerce. Consequently making it much easier to do business over the internet and reach mass audiences globally and even in remote places.

E-commerce is now part of our lives and companies trading via the internet are exposed in a high speed changing environment where business opportunities changed frequently, according to the customer needs and technology innovations.

How this technology can be implemented in least developed country with poor telecommunication infrastructure, poor electronic payment systems, lack of regulation and capabilities in the subject matter?

Despite the fact that many studies focused on showing that less developed countries face a lack of telecommunication infrastructures and electronic payment systems, recent developments of mobile telephony in Africa change the way e-commerce can be perceived in this part of World because of the opportunities discovered in this emerged market.

So the question is not only about the infrastructures for e-commerce, which really exist, but in term of the existence of capabilities for e-commerce and how they can be leverage to develop the e-commerce.

I.2. Motivation of the subject

E-commerce is a new form of digital economy development where no physical boundary and face-to-face interaction are necessary to do commercial transaction.

In the Democratic republic of Congo (DRC), the fact that the growth of mobile technology and the large penetration of mobile telephony companies in the country, despite the fact that the telecommunication infrastructure in not well developed, can constitute an opportunity for the e-commerce development.

However, there is no research available to assess effectively the capabilities readiness of the country for the development of e-commerce.

The aim of this work is to assess if adequate e-commerce capabilities exist in the country and how they can be leveraged to the development of e-commerce. The focus will be given to the payment systems and their security.

I.3. Page | 7

Problem Statement

E-commerce is related to Internet technologies and electronic payment systems which are not well developed in most of the least developed countries like the Democratic republic of Congo (DRC). However, the development of the mobile telephony market offers some opportunities of getting internet access and m-commerce facilities in most of urban and suburban areas with high concentration of population.

The objective of this work is to define how e-commerce can be implemented in DRC taking into account all constraints of e-commerce capabilities.

Because the internet access in only present in urban areas, the research will focus only on companies located in such areas.

The poor penetration of the internet and the lack of electronic payment systems can be recognized as a detriment to the development of e-business in the country. Even if there is a regulation board for telecommunication and information technology, there are no rules defined for electronic commerce and electronic payment.

I.4. Research Question

Among many research questions which can be raised in the e-commerce field in the developing country like DRC, the choice for this research is to respond to the most fundamental question regarding e-commerce capabilities.

Do adequate e-commerce capabilities exist in the country and how to leverage them to the development of e-commerce? Does adequate security of payment systems exist in order to promote online payment?

I.5. Scope and limitation

This research in not intended to examine all capabilities involved in the development of e-commerce. According to the actual stage of telecommunication infrastructure development in the country, the adoption of the mobile telephony system as primary telecommunication media and the opportunity currently exploited by three major operators in mobile fund transfer system, the scope of this work will be limited to the main capabilities which are likely to be preponderant to an effective e-commerce development.

The following capabilities will be covered by the study:

1. Information and communication technology (ICT) which will include telecoms and computer infrastructure.

2. Payment systems capabilities which must be used for online transactions.

3. Security of the identified payment systems which can be used for the development of e-commerce.

Of course some aspect of regulation will be considered also as governance capabilities.

Page | 8

The study will be limited to the capital city of the country, Kinshasa, where there is a potentiality of e-commerce development according to the fact it is the first business center in the country where most of big businesses and banks have their head quarters.

Findings and recommendations will be then easily replicated to the most of urban areas of the country where minimal capabilities are available.

I.6. Methodology

There are no available statistics published in the country about e-commerce; the e-commerce is not yet in inception phase. This work will be among the first step in the research about the e-commerce development in the country.

Therefore, the objective of the research can only be achieved by collecting data from different available sources of information in areas where e-commerce capabilities are likely to be present ; academic researches, special journal in IS and web resources. The research will also use data collected from survey via interviews of organizations which will be involved in the e-commerce development, mostly banks, regulation board and Mobile operators.

Page | 9

Chapter 2: Literature review

II.1. Introduction

This chapter will discuss e-commerce terminologies involve in the good understanding of the key concepts of e-commerce like its definition, forms and organization. It'll also provide a clear understanding of capabilities which are necessary for the development of e-commerce.

There are a lot of reading resources available covering the e-commerce subject but a very few manual about e-commerce capabilities have been available for this research. Most of available information has been collected through master or doctoral thesis and form special technological journal.

II.2. Definition of e-commerce

Many authors defined e-commerce by designing a commercial activity conducted by the use of internet and/or electronic systems (Turban et al. 2008, Laudon and Laudon, 2006, Cobham, 2005).

Among the definitions chosen, Turban et al. (2008: p4) describe e-commerce as «a process of buying, selling, transferring, or exchanging products, services, and/or information via computer networks, including the Internet».

The Laudon's used the term Internet and web for the business transaction to define e-commerce (K. Laudon & J. Laudon, 2006), while a year before Graham Curtis and David Cobham (2005, p212) defined e-commerce in its broadest context as «any exchange of information or business transaction that is facilitated by the use of information and communication technologies».

In the same vision as Curtis and Cobham, Beynon-Davies (2002) separate the concept e-commerce which constitute the exchange of goods and services between businesses, individuals or groups by the use of Information and Communication technology (ICT) and I-commerce which is the use of internet technologies to enable e-commerce.

It means that the development of e-commerce couldn't be possible without the development of ICT and specially the Internet technology which is one of the key drivers for e-commerce development.

Page | 10

II.3. Types of e-commerce

It is better to know how e-commerce is classified to understand the different business models provided by this new economy.

Turban et al. 2008, K. Laudon and J. Laudon, 2006, David Cobham, 2005) classify electronic commerce by the nature or the way the participants involve in the electronic transaction. According to this point of view, three forms of e-commerce are identified:

1. Business-to-consumer e-commerce (B2C)

2. Business-to-business e-commerce (B2B)

3. Consumer-to-consumer e-commerce (C)

However, with the development of mobile and wireless technologies, the use of e-commerce, which was primarily conducted through fixed computers and networked terminals, can now be conducted wirelessly. This new development gives a new concept of e-commerce called Mobile commerce or m-commerce (Turban et al. 2008).